October 21, 2015

2-of-2 Multisig

One of the criticisms of our first products was the fact that our coins weren’t trustless. The private key is created by us. That requires trust. If the plan is to store a significant amount of bitcoin, one doesn’t necessarily want to take any chances. Therefore we wanted to add an option for a trustless Denarium coin.

Denarium Multisig uses a 2-of-2 multi-signature model where you can provide a personal public key which is combined with the key in the Denarium coin to create a P2SH bitcoin address. That is a bitcoin address always starting with number 3. The second-factor private key can be generated in any way; you can use any wallet software, paper wallet, or deterministic wallet as long as you are able to export a single public key from it.

When you order a Denarium Multisig coin, you receive a unique P2SH address for each coin in that order. In most cases, you would use the same two-factor key for every coin you have, but it is also possible to order different keys for every coin in the same shipment; just add the product to the cart multiple times.  When you activate the coin, it is loaded like an ordinary Denarium coin. Also, by sending bitcoins to the provided P2SH address, it is possible to load any bitcoin amount to the coin at a later time.

To spend the bitcoins, you must have access to your private key and the private key hidden in the coin. It needs some manual work currently, but the future handling of multisig coins will certainly become much easier.

All second-factor public keys are published in the Denarium database. That makes spending the coin value easier; you don’t need to store the multisig script yourself. Just keep your Denarium coin and the second-factor private key safe. Needless to say, but we can’t help if you lose your keys.

How to extract a public key from various wallets

We have compiled instructions for some popular wallets about how to extract a public key for your second-factor address. Please note that extended public keys (BIP 0032) used by so-called HD wallets are not directly compatible, but there are tools for extracting a public key from any given address in an HD wallet.

Bitaddress.org:

Bitaddress is not a wallet but a popular tool for creating paper wallets. Please be advised that you should do all private key handling offline.

 

  1. Generate a new private key, if needed
  2. Go to Wallet details
  3. Paste private key and click View details
  4. Collect public key.

Both compressed and uncompressed formats are OK as long as you store the corresponding private key. If you have a choice, pick compressed format.

Electrum:

$ electrum getpubkeys 1DjXKF6FRrc79JgLmCXraYukm4y4XPmzF4
{
    "address": "1DjXKF6FRrc79JgLmCXraYukm4y4XPmzF4",
    "pubkeys": [
        "04a00615120e73534c36eb78db4f7ea3ee72e9bd2e93c95245abfda3fc60f1ecc185a7fd9713518097a75ee6b77740740123b2626bb2e91074ca0b876c75a6abba"
    ]
}

Public key is emboldened. If you want to generate a new bitcoin address, just create one before running getpubkeys.

Bitcoin Core and Classic:

$ validateaddress 15uxSLE66YZEwti9Jw1L7RKJ2w5B6mLUTr
{
    “account”: “”,
    “address': “15uxSLE66YZEwti9Jw1L7RKJ2w5B6mLUTr”,
    “iscompressed': true,
    “ismine': true,
    “isscript': false,
    “isvalid': true,
    “iswatchonly': false,
    “pubkey': “0267d5f60d94a6bbe9860ac989dc1cc6f5933313aa6a85ea4a22ec1a7a2452beef”,
    “scriptPubKey”: “76a91435e468cf810e1899c9e43e7e9e24bd02a4a5faf788ac”
}

The public key is emboldened. If you want to generate a new bitcoin address, use getnewaddress before validateaddress.

Other wallets:

Our instructions are not comprehensive, but we are happy to add instructions for your wallet of choice.

If you can’t find a method for extracting a public key,  but you can obtain a private key, it is possible to use bitaddress.org to extract a public key. Please be advised that you should do it offline.

 

Spending:

Step by step guide for spending: https://bitcointalk.org/index.php?topic=2654387.msg27187157#msg27187157